mcp-scaleway 0.2.0 → 0.2.2

package/dist/index.js

@@ -2110,16 +2110,87 @@ function registerMongodbTools(server) {
   server.tool("scaleway_mongodb_list_versions", "List available MongoDB versions", ListVersionsParams.shape, async (params) => handleListVersions(params));
 }
 
+// src/shared/s3-signer.ts
+import { createHash, createHmac } from "node:crypto";
+function hmacSha256(key, data) {
+  return createHmac("sha256", key).update(data, "utf8").digest();
+}
+function sha256Hex(data) {
+  return createHash("sha256").update(data).digest("hex");
+}
+function getSigningKey(secretKey, dateStamp, region) {
+  const kDate = hmacSha256(`AWS4${secretKey}`, dateStamp);
+  const kRegion = hmacSha256(kDate, region);
+  const kService = hmacSha256(kRegion, "s3");
+  return hmacSha256(kService, "aws4_request");
+}
+function signS3Request(params) {
+  const { method, url, accessKey, secretKey, region } = params;
+  const parsedUrl = new URL(url);
+  const now = new Date;
+  const dateStamp = now.toISOString().replace(/[-:]/g, "").slice(0, 8);
+  const amzDate = `${dateStamp}T${now.toISOString().replace(/[-:]/g, "").slice(9, 15)}Z`;
+  const payloadHash = params.body ? sha256Hex(params.body) : sha256Hex("");
+  const headers = {
+    ...params.headers,
+    host: parsedUrl.host,
+    "x-amz-date": amzDate,
+    "x-amz-content-sha256": payloadHash
+  };
+  const lowerHeaders = {};
+  for (const [k, v] of Object.entries(headers)) {
+    lowerHeaders[k.toLowerCase()] = v;
+  }
+  const sortedHeaderKeys = Object.keys(lowerHeaders).sort();
+  const canonicalHeaders = sortedHeaderKeys.map((k) => `${k}:${lowerHeaders[k]}
+`).join("");
+  const signedHeaders = sortedHeaderKeys.join(";");
+  const queryParams = [...parsedUrl.searchParams.entries()].sort(([a], [b]) => a.localeCompare(b));
+  const canonicalQueryString = queryParams.map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`).join("&");
+  const canonicalUri = parsedUrl.pathname;
+  const canonicalRequest = [
+    method,
+    canonicalUri,
+    canonicalQueryString,
+    canonicalHeaders,
+    signedHeaders,
+    payloadHash
+  ].join(`
+`);
+  const credentialScope = `${dateStamp}/${region}/s3/aws4_request`;
+  const stringToSign = [
+    "AWS4-HMAC-SHA256",
+    amzDate,
+    credentialScope,
+    sha256Hex(canonicalRequest)
+  ].join(`
+`);
+  const signingKey = getSigningKey(secretKey, dateStamp, region);
+  const signature = hmacSha256(signingKey, stringToSign).toString("hex");
+  const authorization = `AWS4-HMAC-SHA256 Credential=${accessKey}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signature}`;
+  return {
+    ...params.headers,
+    host: parsedUrl.host,
+    "x-amz-date": amzDate,
+    "x-amz-content-sha256": payloadHash,
+    Authorization: authorization
+  };
+}
+
 // src/tools/object-storage/handlers.ts
 function buildEndpoint(region) {
   return `https://s3.${region}.scw.cloud`;
 }
-function buildHeaders(accessKey, secretKey) {
-  return {
-    "X-Auth-Token": secretKey,
-    "X-Amz-Content-Sha256": "UNSIGNED-PAYLOAD",
-    Authorization: `SCW ${accessKey}:${secretKey}`
-  };
+function buildSignedHeaders(params) {
+  return signS3Request({
+    method: params.method,
+    url: params.url,
+    headers: params.extraHeaders ?? {},
+    body: params.body,
+    accessKey: params.accessKey,
+    secretKey: params.secretKey,
+    region: params.region
+  });
 }
 function formatSuccess(data) {
   return {
@@ -2130,9 +2201,15 @@ async function handleListBuckets(input) {
   try {
     const config = loadAuthConfig();
     const region = input.region ?? config.defaultRegion;
-    const endpoint = buildEndpoint(region);
-    const headers = buildHeaders(config.accessKey, config.secretKey);
-    const response = await fetch(endpoint, { method: "GET", headers });
+    const url = buildEndpoint(region);
+    const headers = buildSignedHeaders({
+      method: "GET",
+      url,
+      accessKey: config.accessKey,
+      secretKey: config.secretKey,
+      region
+    });
+    const response = await fetch(url, { method: "GET", headers });
     if (!response.ok) {
       const errText = await response.text();
       return formatErrorResponse(mapScalewayError(Object.assign(new Error(errText), { statusCode: response.status })));
@@ -2148,14 +2225,20 @@ async function handleCreateBucket(input) {
   try {
     const config = loadAuthConfig();
     const region = input.region ?? config.defaultRegion;
-    const endpoint = buildEndpoint(region);
-    const headers = {
-      ...buildHeaders(config.accessKey, config.secretKey)
-    };
+    const url = `${buildEndpoint(region)}/${input.name}`;
+    const extraHeaders = {};
     if (input.acl) {
-      headers["x-amz-acl"] = input.acl;
+      extraHeaders["x-amz-acl"] = input.acl;
     }
-    const response = await fetch(`${endpoint}/${input.name}`, {
+    const headers = buildSignedHeaders({
+      method: "PUT",
+      url,
+      accessKey: config.accessKey,
+      secretKey: config.secretKey,
+      region,
+      extraHeaders
+    });
+    const response = await fetch(url, {
       method: "PUT",
       headers
     });
@@ -2172,9 +2255,15 @@ async function handleDeleteBucket(input) {
   try {
     const config = loadAuthConfig();
     const region = input.region ?? config.defaultRegion;
-    const endpoint = buildEndpoint(region);
-    const headers = buildHeaders(config.accessKey, config.secretKey);
-    const response = await fetch(`${endpoint}/${input.name}`, {
+    const url = `${buildEndpoint(region)}/${input.name}`;
+    const headers = buildSignedHeaders({
+      method: "DELETE",
+      url,
+      accessKey: config.accessKey,
+      secretKey: config.secretKey,
+      region
+    });
+    const response = await fetch(url, {
       method: "DELETE",
       headers
     });
@@ -2191,25 +2280,47 @@ async function handleGetBucketInfo(input) {
   try {
     const config = loadAuthConfig();
     const region = input.region ?? config.defaultRegion;
-    const endpoint = buildEndpoint(region);
-    const headers = buildHeaders(config.accessKey, config.secretKey);
-    const headResponse = await fetch(`${endpoint}/${input.name}`, {
+    const baseUrl = `${buildEndpoint(region)}/${input.name}`;
+    const headHeaders = buildSignedHeaders({
       method: "HEAD",
-      headers
+      url: baseUrl,
+      accessKey: config.accessKey,
+      secretKey: config.secretKey,
+      region
+    });
+    const headResponse = await fetch(baseUrl, {
+      method: "HEAD",
+      headers: headHeaders
     });
     if (!headResponse.ok) {
       const errText = "Bucket not found or access denied";
       return formatErrorResponse(mapScalewayError(Object.assign(new Error(errText), { statusCode: headResponse.status })));
     }
-    const versioningResponse = await fetch(`${endpoint}/${input.name}?versioning`, {
+    const versioningUrl = `${baseUrl}?versioning`;
+    const versioningHeaders = buildSignedHeaders({
       method: "GET",
-      headers
+      url: versioningUrl,
+      accessKey: config.accessKey,
+      secretKey: config.secretKey,
+      region
+    });
+    const versioningResponse = await fetch(versioningUrl, {
+      method: "GET",
+      headers: versioningHeaders
     });
     const versioningXml = versioningResponse.ok ? await versioningResponse.text() : "";
     const versioning = parseVersioningXml(versioningXml);
-    const listResponse = await fetch(`${endpoint}/${input.name}?list-type=2&max-keys=0`, {
+    const listUrl = `${baseUrl}?list-type=2&max-keys=0`;
+    const listHeaders = buildSignedHeaders({
       method: "GET",
-      headers
+      url: listUrl,
+      accessKey: config.accessKey,
+      secretKey: config.secretKey,
+      region
+    });
+    const listResponse = await fetch(listUrl, {
+      method: "GET",
+      headers: listHeaders
     });
     const listXml = listResponse.ok ? await listResponse.text() : "";
     const objectCount = parseKeyCount(listXml);
@@ -2230,8 +2341,6 @@ async function handleListObjects(input) {
   try {
     const config = loadAuthConfig();
     const region = input.region ?? config.defaultRegion;
-    const endpoint = buildEndpoint(region);
-    const headers = buildHeaders(config.accessKey, config.secretKey);
     const params = new URLSearchParams({ "list-type": "2" });
     if (input.prefix)
       params.set("prefix", input.prefix);
@@ -2241,7 +2350,15 @@ async function handleListObjects(input) {
       params.set("max-keys", String(input.maxKeys));
     if (input.continuationToken)
       params.set("continuation-token", input.continuationToken);
-    const response = await fetch(`${endpoint}/${input.bucket}?${params.toString()}`, {
+    const url = `${buildEndpoint(region)}/${input.bucket}?${params.toString()}`;
+    const headers = buildSignedHeaders({
+      method: "GET",
+      url,
+      accessKey: config.accessKey,
+      secretKey: config.secretKey,
+      region
+    });
+    const response = await fetch(url, {
       method: "GET",
       headers
     });
@@ -2260,9 +2377,15 @@ async function handleGetObjectInfo(input) {
   try {
     const config = loadAuthConfig();
     const region = input.region ?? config.defaultRegion;
-    const endpoint = buildEndpoint(region);
-    const headers = buildHeaders(config.accessKey, config.secretKey);
-    const response = await fetch(`${endpoint}/${input.bucket}/${encodeURIComponent(input.key)}`, {
+    const url = `${buildEndpoint(region)}/${input.bucket}/${encodeURIComponent(input.key)}`;
+    const headers = buildSignedHeaders({
+      method: "HEAD",
+      url,
+      accessKey: config.accessKey,
+      secretKey: config.secretKey,
+      region
+    });
+    const response = await fetch(url, {
       method: "HEAD",
       headers
     });
@@ -2288,21 +2411,28 @@ async function handlePutObject(input) {
   try {
     const config = loadAuthConfig();
     const region = input.region ?? config.defaultRegion;
-    const endpoint = buildEndpoint(region);
-    const headers = {
-      ...buildHeaders(config.accessKey, config.secretKey)
-    };
+    const url = `${buildEndpoint(region)}/${input.bucket}/${encodeURIComponent(input.key)}`;
+    const extraHeaders = {};
     if (input.contentType)
-      headers["Content-Type"] = input.contentType;
+      extraHeaders["Content-Type"] = input.contentType;
     if (input.storageClass)
-      headers["x-amz-storage-class"] = input.storageClass;
+      extraHeaders["x-amz-storage-class"] = input.storageClass;
     if (input.metadata) {
       for (const [k, v] of Object.entries(input.metadata)) {
-        headers[`x-amz-meta-${k}`] = v;
+        extraHeaders[`x-amz-meta-${k}`] = v;
       }
     }
     const body = input.contentBase64 ? Buffer.from(input.contentBase64, "base64") : undefined;
-    const response = await fetch(`${endpoint}/${input.bucket}/${encodeURIComponent(input.key)}`, {
+    const headers = buildSignedHeaders({
+      method: "PUT",
+      url,
+      accessKey: config.accessKey,
+      secretKey: config.secretKey,
+      region,
+      extraHeaders,
+      body
+    });
+    const response = await fetch(url, {
       method: "PUT",
       headers,
       body
@@ -2324,9 +2454,15 @@ async function handleDeleteObject(input) {
   try {
     const config = loadAuthConfig();
     const region = input.region ?? config.defaultRegion;
-    const endpoint = buildEndpoint(region);
-    const headers = buildHeaders(config.accessKey, config.secretKey);
-    const response = await fetch(`${endpoint}/${input.bucket}/${encodeURIComponent(input.key)}`, {
+    const url = `${buildEndpoint(region)}/${input.bucket}/${encodeURIComponent(input.key)}`;
+    const headers = buildSignedHeaders({
+      method: "DELETE",
+      url,
+      accessKey: config.accessKey,
+      secretKey: config.secretKey,
+      region
+    });
+    const response = await fetch(url, {
       method: "DELETE",
       headers
     });
@@ -2345,9 +2481,15 @@ async function handleGetBucketPolicy(input) {
   try {
     const config = loadAuthConfig();
     const region = input.region ?? config.defaultRegion;
-    const endpoint = buildEndpoint(region);
-    const headers = buildHeaders(config.accessKey, config.secretKey);
-    const response = await fetch(`${endpoint}/${input.bucket}?policy`, {
+    const url = `${buildEndpoint(region)}/${input.bucket}?policy`;
+    const headers = buildSignedHeaders({
+      method: "GET",
+      url,
+      accessKey: config.accessKey,
+      secretKey: config.secretKey,
+      region
+    });
+    const response = await fetch(url, {
       method: "GET",
       headers
     });
@@ -2368,12 +2510,17 @@ async function handleSetBucketPolicy(input) {
   try {
     const config = loadAuthConfig();
     const region = input.region ?? config.defaultRegion;
-    const endpoint = buildEndpoint(region);
-    const headers = {
-      ...buildHeaders(config.accessKey, config.secretKey),
-      "Content-Type": "application/json"
-    };
-    const response = await fetch(`${endpoint}/${input.bucket}?policy`, {
+    const url = `${buildEndpoint(region)}/${input.bucket}?policy`;
+    const headers = buildSignedHeaders({
+      method: "PUT",
+      url,
+      accessKey: config.accessKey,
+      secretKey: config.secretKey,
+      region,
+      extraHeaders: { "Content-Type": "application/json" },
+      body: input.policy
+    });
+    const response = await fetch(url, {
       method: "PUT",
       headers,
       body: input.policy
@@ -2391,9 +2538,15 @@ async function handleGetBucketLifecycle(input) {
   try {
     const config = loadAuthConfig();
     const region = input.region ?? config.defaultRegion;
-    const endpoint = buildEndpoint(region);
-    const headers = buildHeaders(config.accessKey, config.secretKey);
-    const response = await fetch(`${endpoint}/${input.bucket}?lifecycle`, {
+    const url = `${buildEndpoint(region)}/${input.bucket}?lifecycle`;
+    const headers = buildSignedHeaders({
+      method: "GET",
+      url,
+      accessKey: config.accessKey,
+      secretKey: config.secretKey,
+      region
+    });
+    const response = await fetch(url, {
       method: "GET",
       headers
     });
@@ -2415,13 +2568,18 @@ async function handleSetBucketLifecycle(input) {
   try {
     const config = loadAuthConfig();
     const region = input.region ?? config.defaultRegion;
-    const endpoint = buildEndpoint(region);
-    const headers = {
-      ...buildHeaders(config.accessKey, config.secretKey),
-      "Content-Type": "application/xml"
-    };
+    const url = `${buildEndpoint(region)}/${input.bucket}?lifecycle`;
     const xml = buildLifecycleXml(input.rules);
-    const response = await fetch(`${endpoint}/${input.bucket}?lifecycle`, {
+    const headers = buildSignedHeaders({
+      method: "PUT",
+      url,
+      accessKey: config.accessKey,
+      secretKey: config.secretKey,
+      region,
+      extraHeaders: { "Content-Type": "application/xml" },
+      body: xml
+    });
+    const response = await fetch(url, {
       method: "PUT",
       headers,
       body: xml
@@ -2441,9 +2599,15 @@ async function handleGetBucketVersioning(input) {
   try {
     const config = loadAuthConfig();
     const region = input.region ?? config.defaultRegion;
-    const endpoint = buildEndpoint(region);
-    const headers = buildHeaders(config.accessKey, config.secretKey);
-    const response = await fetch(`${endpoint}/${input.bucket}?versioning`, {
+    const url = `${buildEndpoint(region)}/${input.bucket}?versioning`;
+    const headers = buildSignedHeaders({
+      method: "GET",
+      url,
+      accessKey: config.accessKey,
+      secretKey: config.secretKey,
+      region
+    });
+    const response = await fetch(url, {
       method: "GET",
       headers
     });
@@ -2462,13 +2626,18 @@ async function handleSetBucketVersioning(input) {
   try {
     const config = loadAuthConfig();
     const region = input.region ?? config.defaultRegion;
-    const endpoint = buildEndpoint(region);
-    const headers = {
-      ...buildHeaders(config.accessKey, config.secretKey),
-      "Content-Type": "application/xml"
-    };
+    const url = `${buildEndpoint(region)}/${input.bucket}?versioning`;
     const xml = `<?xml version="1.0" encoding="UTF-8"?><VersioningConfiguration><Status>${input.status}</Status></VersioningConfiguration>`;
-    const response = await fetch(`${endpoint}/${input.bucket}?versioning`, {
+    const headers = buildSignedHeaders({
+      method: "PUT",
+      url,
+      accessKey: config.accessKey,
+      secretKey: config.secretKey,
+      region,
+      extraHeaders: { "Content-Type": "application/xml" },
+      body: xml
+    });
+    const response = await fetch(url, {
       method: "PUT",
       headers,
       body: xml
@@ -4919,11 +5088,11 @@ function registerDomainRegistrarTools(server) {
 }
 
 // src/tools/edge-services/handlers.ts
-import { API } from "@scaleway/sdk-edge-services/v1beta1";
+import { EdgeServicesv1beta1 } from "@scaleway/sdk-edge-services";
 function getApi() {
   const config = loadAuthConfig();
   const client = createScalewayClient(config);
-  return new API(client);
+  return new EdgeServicesv1beta1.API(client);
 }
 function successResponse4(data) {
   return {
@@ -11940,7 +12109,7 @@ var CreateEmbeddingInputSchema = z27.object({
 });
 
 // src/tools/generative-apis/handlers.ts
-function buildHeaders2() {
+function buildHeaders() {
   const config = loadAuthConfig();
   return {
     Authorization: `Bearer ${config.secretKey}`,
@@ -11955,7 +12124,7 @@ async function handleListModels(input) {
     const baseUrl2 = buildBaseUrl(input.region);
     const response = await fetch(`${baseUrl2}/v1/models`, {
       method: "GET",
-      headers: buildHeaders2()
+      headers: buildHeaders()
     });
     if (!response.ok) {
       const errorBody = await response.text();
@@ -11976,7 +12145,7 @@ async function handleGetModel(input) {
     const baseUrl2 = buildBaseUrl(input.region);
     const response = await fetch(`${baseUrl2}/v1/models`, {
       method: "GET",
-      headers: buildHeaders2()
+      headers: buildHeaders()
     });
     if (!response.ok) {
       const errorBody = await response.text();
@@ -12011,7 +12180,7 @@ async function handleChatCompletion(input) {
     };
     const response = await fetch(`${baseUrl2}/v1/chat/completions`, {
       method: "POST",
-      headers: buildHeaders2(),
+      headers: buildHeaders(),
       body: JSON.stringify(body)
     });
     if (!response.ok) {
@@ -12037,7 +12206,7 @@ async function handleCreateEmbedding(input) {
     };
     const response = await fetch(`${baseUrl2}/v1/embeddings`, {
       method: "POST",
-      headers: buildHeaders2(),
+      headers: buildHeaders(),
       body: JSON.stringify(body)
     });
     if (!response.ok) {
@@ -13462,11 +13631,11 @@ function registerNatsTools(server) {
 }
 
 // src/tools/sns/handlers.ts
-import { SnsAPI } from "@scaleway/sdk-mnq/v1beta1";
+import { Mnqv1beta1 } from "@scaleway/sdk-mnq";
 function getSnsApi() {
   const config = loadAuthConfig();
   const client = createScalewayClient(config);
-  return new SnsAPI(client);
+  return new Mnqv1beta1.SnsAPI(client);
 }
 function formatDate(date) {
   return date?.toISOString();

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "mcp-scaleway",
-	"version": "0.2.0",
+	"version": "0.2.2",
 	"description": "MCP server for Scaleway cloud provider",
 	"type": "module",
 	"main": "src/server.ts",